gabehcoud Posted May 2, 2016 Share Posted May 2, 2016 Aim: Preform arp-poisoning mitm attack on a open network e.g. Bruce Wayne Free WiFi, All that is required is http credentials, IMAP and POP3 Equipment: Wifi Pineapple Tetra and Nano Could somebody, ideally Darren Kitchen himself create a tutorial as to how i could go about connecting the tetra to an open network, scanning the subnet for a list of client ip's and routing the packets through the tetra saving the log to a pcap file. Also, if someone could recommend/open-source pcap file analyser for windows This is the only thing i want to be able to do with both the pineapples. If i can do this i will definitely recommend this device to my friends. At the moment i'm a little disappointed that i cant find anything on this :/ Thanks in Advance :) Quote Link to comment Share on other sites More sharing options...
QSDx25 Posted May 2, 2016 Share Posted May 2, 2016 I guess you should check Wireshark and use your imagination... If those are SSL connections, then sslsplit comes handy. Quote Link to comment Share on other sites More sharing options...
gabehcoud Posted May 3, 2016 Author Share Posted May 3, 2016 There isnt a tutorial on ettercap and sslsplit its for https not http, pop3 or imap wireshark is for windows or gui linux and again there isnt a tutorial on it Quote Link to comment Share on other sites More sharing options...
Foxtrot Posted May 3, 2016 Share Posted May 3, 2016 ...wireshark is for windows or gui linux... Not true. Quote Link to comment Share on other sites More sharing options...
ZaraByte Posted May 3, 2016 Share Posted May 3, 2016 My biggest problem is I haven't been keeping up with SSL Security last I heard it was fixed in a way that prevents a hacker from stripping SSL and with just about all the major browsers forcing HSTS you'd technically have to use a really advanced method to trick a user into clearing their cache so that when a program sslstrip is ran it downgrades the security. I'm not 100% sure I understand the sslsplit however I haven't tried to use it yet so maybe if I installed and and played with it I'd know what it does. Quote Link to comment Share on other sites More sharing options...
QSDx25 Posted May 3, 2016 Share Posted May 3, 2016 My biggest problem is I haven't been keeping up with SSL Security last I heard it was fixed in a way that prevents a hacker from stripping SSL and with just about all the major browsers forcing HSTS you'd technically have to use a really advanced method to trick a user into clearing their cache so that when a program sslstrip is ran it downgrades the security. I'm not 100% sure I understand the sslsplit however I haven't tried to use it yet so maybe if I installed and and played with it I'd know what it does. I see that they released ssltrip2 which bypass HSTS. https://github.com/LeonardoNve/sslstrip2 True/False? Quote Link to comment Share on other sites More sharing options...
gabehcoud Posted May 3, 2016 Author Share Posted May 3, 2016 The thing is i dont want ssl, i want a arp poisoning attack for plain text passwords, imap and pop3. can anyone please just either link or make a tutorial as to how i can do this? starting to get annoying Quote Link to comment Share on other sites More sharing options...
ZaraByte Posted May 4, 2016 Share Posted May 4, 2016 The thing is i dont want ssl, i want a arp poisoning attack for plain text passwords, imap and pop3. can anyone please just either link or make a tutorial as to how i can do this? starting to get annoying Closest I could find and it's really not the best Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.